I think I have fallen into the arms of a hacker

Solved/Closed
eko - 20 April 2013 at 20:32
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 - 21 April 2013 at 22:55
I had downloaded a suspicious cracked file, and since then, from time to time, a program named xmax opens by itself and crashes. I close it with Alt+F4, and now I am being told that someone is connecting to my personal Virtual Visa Card account from Brazil or Spain. Help me: how do I clean my PC of every virus and protect it, especially from this kind of virus, all while avoiding a format?

And sorry for my French xd

27 replies

juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
20 April 2013 at 20:35
Hi,

Well, that was clever; let that be a lesson to you.
This reeks of a stealer. You will need to change your passwords once the disinfection is finished.

▶ Download here: RogueKiller
▶ Save your work and close all running programs
▶ Launch RogueKiller and wait until the Prescan has finished
▶ Accept the EULA, then click Scan.
▶ Once it has finished, click Report and copy/paste the report into your next reply.
0
When I launch RogueKiller my PC restarts, and I get annoying errors.
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
20 April 2013 at 20:55
Right-click the following link and choose "Save target (link) as" -> yourfirstname.exe -> destination: your desktop (AND NOWHERE ELSE): ComboFix

Close the windows of all running programs.
Temporarily disable, only for the duration of the ComboFix run, the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's scanning and cleaning procedure.

If you have XP => double-click
If you have Vista or Windows 7 => right-click, "Run as...."

on the renamed ComboFix

If you are on Windows XP, let it install the Recovery Console.

▶ Do not touch anything during the scan

ComboFix should restart your PC.

▶ Do not forget to re-enable your antivirus and antispyware protection before reconnecting to the Internet.

▶▶ Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.


▶▶▶ If, after ComboFix restarts your PC, you get "Key marked for deletion" errors or Internet connection problems, restart your computer again

0
I downloaded and launched ComboFix; still problems with the Internet even if I restart, and all I found on my desktop is this long report from RogueKiller, I think




[00:05:0547] [CHECK] Not found!
[00:05:0547] [Check DLLs] xpsp2res.dll : C:\WINDOWS\system32\xpsp2res.dll
[00:05:0547] [CHECK] WhiteDLL
[00:05:0547] [CHECK] WellKnown
[00:05:0547] [CHECK] HijackName
[00:05:0547] [CHECK] Signature
[00:05:0875] [CHECK] Patterns
[00:05:0875] [CHECK] Blacklist
[00:05:0875] [CHECK] BlacklistPath
[00:05:0875] [CHECK] BlacklistMD5
[00:05:0906] [CHECK] MadeNumbers
[00:05:0906] [CHECK] SuspPath
[00:05:0906] [CHECK] PrevRun
[00:05:0906] [CHECK] Not found!
[00:05:0906] [Check DLLs] actxprxy.dll : C:\WINDOWS\system32\actxprxy.dll
[00:05:0906] [CHECK] WhiteDLL
[00:05:0906] [CHECK] WellKnown
[00:05:0906] [CHECK] HijackName
[00:05:0906] [CHECK] Signature
[00:05:0969] [CHECK] Patterns
[00:05:0969] [CHECK] Blacklist
[00:05:0969] [CHECK] BlacklistPath
[00:05:0969] [CHECK] BlacklistMD5
[00:05:0969] [CHECK] MadeNumbers
[00:05:0969] [CHECK] SuspPath
[00:05:0969] [CHECK] PrevRun
[00:05:0969] [CHECK] Not found!
[00:05:0969] [Check DLLs] msutb.dll : C:\WINDOWS\system32\msutb.dll
[00:05:0969] [CHECK] WhiteDLL
[00:05:0969] [CHECK] WellKnown
[00:05:0969] [CHECK] HijackName
[00:05:0969] [CHECK] Signature
[00:06:0047] [CHECK] Patterns
[00:06:0047] [CHECK] Blacklist
[00:06:0047] [CHECK] BlacklistPath
[00:06:0047] [CHECK] BlacklistMD5
[00:06:0047] [CHECK] MadeNumbers
[00:06:0047] [CHECK] SuspPath
[00:06:0047] [CHECK] PrevRun
[00:06:0047] [CHECK] Not found!
[00:06:0047] [Check DLLs] MSCTF.dll : C:\WINDOWS\system32\MSCTF.dll
[00:06:0047] [CHECK] WhiteDLL
[00:06:0047] [CHECK] WellKnown
[00:06:0047] [CHECK] HijackName
[00:06:0047] [CHECK] Signature
[00:06:0156] [CHECK] Patterns
[00:06:0156] [CHECK] Blacklist
[00:06:0156] [CHECK] BlacklistPath
[00:06:0156] [CHECK] BlacklistMD5
[00:06:0156] [CHECK] MadeNumbers
[00:06:0156] [CHECK] SuspPath
[00:06:0156] [CHECK] PrevRun
[00:06:0156] [CHECK] Not found!
[00:06:0156] [Check DLLs] LINKINFO.dll : C:\WINDOWS\system32\LINKINFO.dll
[00:06:0156] [CHECK] WhiteDLL
[00:06:0156] [CHECK] WellKnown
[00:06:0156] [CHECK] HijackName
[00:06:0156] [CHECK] Signature
[00:06:0188] [CHECK] Patterns
[00:06:0188] [CHECK] Blacklist
[00:06:0188] [CHECK] BlacklistPath
[00:06:0188] [CHECK] BlacklistMD5
[00:06:0188] [CHECK] MadeNumbers
[00:06:0188] [CHECK] SuspPath
[00:06:0188] [CHECK] PrevRun
[00:06:0188] [CHECK] Not found!
[00:06:0188] [Check DLLs] ntshrui.dll : C:\WINDOWS\system32\ntshrui.dll
[00:06:0188] [CHECK] WhiteDLL
[00:06:0188] [CHECK] WellKnown
[00:06:0203] [CHECK] HijackName
[00:06:0203] [CHECK] Signature
[00:06:0375] [CHECK] Patterns
[00:06:0375] [CHECK] Blacklist
[00:06:0375] [CHECK] BlacklistPath
[00:06:0375] [CHECK] BlacklistMD5
[00:06:0375] [CHECK] MadeNumbers
[00:06:0375] [CHECK] SuspPath
[00:06:0375] [CHECK] PrevRun
[00:06:0375] [CHECK] Not found!
[00:06:0375] [Check DLLs] ATL.DLL : C:\WINDOWS\system32\ATL.DLL
[00:06:0375] [CHECK] WhiteDLL
[00:06:0391] [CHECK] WellKnown
[00:06:0391] [CHECK] HijackName
[00:06:0391] [CHECK] Signature
[00:06:0422] [CHECK] Patterns
[00:06:0422] [CHECK] Blacklist
[00:06:0422] [CHECK] BlacklistPath
[00:06:0422] [CHECK] BlacklistMD5
[00:06:0422] [CHECK] MadeNumbers
[00:06:0438] [CHECK] SuspPath
[00:06:0438] [CHECK] PrevRun
[00:06:0438] [CHECK] Not found!
[00:06:0438] [Check DLLs] SETUPAPI.dll : C:\WINDOWS\system32\SETUPAPI.dll
[00:06:0438] [CHECK] WhiteDLL
[00:06:0438] [CHECK] WellKnown
[00:06:0438] [CHECK] HijackName
[00:06:0438] [CHECK] Signature
[00:06:0485] [CHECK] Patterns
[00:06:0485] [CHECK] Blacklist
[00:06:0485] [CHECK] BlacklistPath
[00:06:0485] [CHECK] BlacklistMD5
[00:06:0485] [CHECK] MadeNumbers
[00:06:0485] [CHECK] SuspPath
[00:06:0485] [CHECK] PrevRun
[00:06:0485] [CHECK] Not found!
[00:06:0485] [Check DLLs] NETSHELL.dll : C:\WINDOWS\system32\NETSHELL.dll
[00:06:0485] [CHECK] WhiteDLL
[00:06:0485] [CHECK] WellKnown
[00:06:0485] [CHECK] HijackName
[00:06:0485] [CHECK] Signature
[00:06:0547] [CHECK] Patterns
[00:06:0563] [CHECK] Blacklist
[00:06:0563] [CHECK] BlacklistPath
[00:06:0563] [CHECK] BlacklistMD5
[00:06:0563] [CHECK] MadeNumbers
[00:06:0578] [CHECK] SuspPath
[00:06:0578] [CHECK] PrevRun
[00:06:0578] [CHECK] Not found!
[00:06:0578] [Check DLLs] credui.dll : C:\WINDOWS\system32\credui.dll
[00:06:0578] [CHECK] WhiteDLL
[00:06:0578] [CHECK] WellKnown
[00:06:0578] [CHECK] HijackName
[00:06:0578] [CHECK] Signature
[00:06:0594] [CHECK] Patterns
[00:06:0594] [CHECK] Blacklist
[00:06:0594] [CHECK] BlacklistPath
[00:06:0594] [CHECK] BlacklistMD5
[00:06:0594] [CHECK] MadeNumbers
[00:06:0594] [CHECK] SuspPath
[00:06:0594] [CHECK] PrevRun
[00:06:0594] [CHECK] Not found!
[00:06:0594] [Check DLLs] dot3api.dll : C:\WINDOWS\system32\dot3api.dll
[00:06:0594] [CHECK] WhiteDLL
[00:06:0594] [CHECK] WellKnown
[00:06:0594] [CHECK] HijackName
[00:06:0594] [CHECK] Signature
[00:06:0594] [CHECK] Patterns
[00:06:0594] [CHECK] Blacklist
[00:06:0594] [CHECK] BlacklistPath
[00:06:0594] [CHECK] BlacklistMD5
[00:06:0594] [CHECK] MadeNumbers
[00:06:0594] [CHECK] SuspPath
[00:06:0594] [CHECK] PrevRun
[00:06:0594] [CHECK] Not found!
[00:06:0594] [Check DLLs] rtutils.dll : C:\WINDOWS\system32\rtutils.dll
[00:06:0594] [CHECK] WhiteDLL
[00:06:0594] [CHECK] WellKnown
[00:06:0610] [CHECK] HijackName
[00:06:0610] [CHECK] Signature
[00:06:0610] [CHECK] Patterns
[00:06:0610] [CHECK] Blacklist
[00:06:0610] [CHECK] BlacklistPath
[00:06:0610] [CHECK] BlacklistMD5
[00:06:0610] [CHECK] MadeNumbers
[00:06:0610] [CHECK] SuspPath
[00:06:0610] [CHECK] PrevRun
[00:06:0610] [CHECK] Not found!
[00:06:0610] [Check DLLs] dot3dlg.dll : C:\WINDOWS\system32\dot3dlg.dll
[00:06:0610] [CHECK] WhiteDLL
[00:06:0610] [CHECK] WellKnown
[00:06:0610] [CHECK] HijackName
[00:06:0610] [CHECK] Signature
[00:06:0625] [CHECK] Patterns
[00:06:0625] [CHECK] Blacklist
[00:06:0625] [CHECK] BlacklistPath
[00:06:0625] [CHECK] BlacklistMD5
[00:06:0625] [CHECK] MadeNumbers
[00:06:0625] [CHECK] SuspPath
[00:06:0625] [CHECK] PrevRun
[00:06:0625] [CHECK] Not found!
[00:06:0625] [Check DLLs] OneX.DLL : C:\WINDOWS\system32\OneX.DLL
[00:06:0625] [CHECK] WhiteDLL
[00:06:0625] [CHECK] WellKnown
[00:06:0625] [CHECK] HijackName
[00:06:0625] [CHECK] Signature
[00:06:0625] [CHECK] Patterns
[00:06:0625] [CHECK] Blacklist
[00:06:0625] [CHECK] BlacklistPath
[00:06:0625] [CHECK] BlacklistMD5
[00:06:0641] [CHECK] MadeNumbers
[00:06:0641] [CHECK] SuspPath
[00:06:0641] [CHECK] PrevRun
[00:06:0641] [CHECK] Not found!
[00:06:0641] [Check DLLs] WTSAPI32.dll : C:\WINDOWS\system32\WTSAPI32.dll
[00:06:0641] [CHECK] WhiteDLL
[00:06:0641] [CHECK] WellKnown
[00:06:0641] [CHECK] HijackName
[00:06:0641] [CHECK] Signature
[00:06:0641] [CHECK] Patterns
[00:06:0641] [CHECK] Blacklist
[00:06:0641] [CHECK] BlacklistPath
[00:06:0641] [CHECK] BlacklistMD5
[00:06:0641] [CHECK] MadeNumbers
[00:06:0641] [CHECK] SuspPath
[00:06:0641] [CHECK] PrevRun
[00:06:0641] [CHECK] Not found!
[00:06:0656] [Check DLLs] WINSTA.dll : C:\WINDOWS\system32\WINSTA.dll
[00:06:0656] [CHECK] WhiteDLL
[00:06:0656] [CHECK] WellKnown
[00:06:0656] [CHECK] HijackName
[00:06:0656] [CHECK] Signature
[00:06:0656] [CHECK] Patterns
[00:06:0656] [CHECK] Blacklist
[00:06:0656] [CHECK] BlacklistPath
[00:06:0656] [CHECK] BlacklistMD5
[00:06:0656] [CHECK] MadeNumbers
[00:06:0656] [CHECK] SuspPath
[00:06:0656] [CHECK] PrevRun
[00:06:0656] [CHECK] Not found!
[00:06:0656] [Check DLLs] eappcfg.dll : C:\WINDOWS\system32\eappcfg.dll
[00:06:0656] [CHECK] WhiteDLL
[00:06:0656] [CHECK] WellKnown
[00:06:0656] [CHECK] HijackName
[00:06:0656] [CHECK] Signature
[00:06:0672] [CHECK] Patterns
[00:06:0672] [CHECK] Blacklist
[00:06:0672] [CHECK] BlacklistPath
[00:06:0672] [CHECK] BlacklistMD5
[00:06:0672] [CHECK] MadeNumbers
[00:06:0672] [CHECK] SuspPath
[00:06:0672] [CHECK] PrevRun
[00:06:0672] [CHECK] Not found!
[00:06:0672] [Check DLLs] MSVCP60.dll : C:\WINDOWS\system32\MSVCP60.dll
[00:06:0672] [CHECK] WhiteDLL
[00:06:0672] [Check DLLs] eappprxy.dll : C:\WINDOWS\system32\eappprxy.dll
[00:06:0672] [CHECK] WhiteDLL
[00:06:0672] [CHECK] WellKnown
[00:06:0672] [CHECK] HijackName
[00:06:0672] [CHECK] Signature
[00:06:0688] [CHECK] Patterns
[00:06:0688] [CHECK] Blacklist
[00:06:0688] [CHECK] BlacklistPath
[00:06:0688] [CHECK] BlacklistMD5
[00:06:0688] [CHECK] MadeNumbers
[00:06:0688] [CHECK] SuspPath
[00:06:0688] [CHECK] PrevRun
[00:06:0688] [CHECK] Not found!
[00:06:0688] [Check DLLs] iphlpapi.dll : C:\WINDOWS\system32\iphlpapi.dll
[00:06:0688] [CHECK] WhiteDLL
[00:06:0688] [CHECK] WellKnown
[00:06:0688] [CHECK] HijackName
[00:06:0688] [CHECK] Signature
[00:06:0688] [CHECK] Patterns
[00:06:0703] [CHECK] Blacklist
[00:06:0703] [CHECK] BlacklistPath
[00:06:0703] [CHECK] BlacklistMD5
[00:06:0703] [CHECK] MadeNumbers
[00:06:0703] [CHECK] SuspPath
[00:06:0703] [CHECK] PrevRun
[00:06:0703] [CHECK] Not found!
[00:06:0703] [Check DLLs] WS2_32.dll : C:\WINDOWS\system32\WS2_32.dll
[00:06:0703] [CHECK] WhiteDLL
[00:06:0703] [CHECK] WellKnown
[00:06:0703] [CHECK] HijackName
[00:06:0703] [CHECK] Signature
[00:06:0703] [CHECK] Patterns
[00:06:0703] [CHECK] Blacklist
[00:06:0703] [CHECK] BlacklistPath
[00:06:0703] [CHECK] BlacklistMD5
[00:06:0703] [CHECK] MadeNumbers
[00:06:0703] [CHECK] SuspPath
[00:06:0703] [CHECK] PrevRun
[00:06:0703] [CHECK] Not found!
[00:06:0719] [Check DLLs] WS2HELP.dll : C:\WINDOWS\system32\WS2HELP.dll
[00:06:0719] [CHECK] WhiteDLL
[00:06:0719] [CHECK] WellKnown
[00:06:0719] [CHECK] HijackName
[00:06:0719] [CHECK] Signature
[00:06:0719] [CHECK] Patterns
[00:06:0719] [CHECK] Blacklist
[00:06:0719] [CHECK] BlacklistPath
[00:06:0719] [CHECK] BlacklistMD5
[00:06:0719] [CHECK] MadeNumbers
[00:06:0719] [CHECK] SuspPath
[00:06:0719] [CHECK] PrevRun
[00:06:0719] [CHECK] Not found!
[00:06:0719] [Check DLLs] msi.dll : C:\WINDOWS\system32\msi.dll
[00:06:0719] [CHECK] WhiteDLL
[00:06:0719] [CHECK] WellKnown
[00:06:0719] [CHECK] HijackName
[00:06:0719] [CHECK] Signature
[00:06:0813] [CHECK] Patterns
[00:06:0813] [CHECK] Blacklist
[00:06:0813] [CHECK] BlacklistPath
[00:06:0813] [CHECK] BlacklistMD5
[00:06:0844] [CHECK] MadeNumbers
[00:06:0844] [CHECK] SuspPath
[00:06:0844] [CHECK] PrevRun
[00:06:0844] [CHECK] Not found!
[00:06:0844] [Check DLLs] MLANG.dll : C:\WINDOWS\system32\MLANG.dll
[00:06:0844] [CHECK] WhiteDLL
[00:06:0844] [CHECK] WellKnown
[00:06:0844] [CHECK] HijackName
[00:06:0844] [CHECK] Signature
[00:06:0875] [CHECK] Patterns
[00:06:0875] [CHECK] Blacklist
[00:06:0875] [CHECK] BlacklistPath
[00:06:0875] [CHECK] BlacklistMD5
[00:06:0875] [CHECK] MadeNumbers
[00:06:0875] [CHECK] SuspPath
[00:06:0875] [CHECK] PrevRun
[00:06:0875] [CHECK] Not found!
[00:06:0875] [Check DLLs] wdmaud.drv : C:\WINDOWS\system32\wdmaud.drv
[00:06:0875] [CHECK] WhiteDLL
[00:06:0875] [CHECK] WellKnown
[00:06:0875] [CHECK] HijackName
[00:06:0875] [CHECK] Signature
[00:06:0891] [CHECK] Patterns
[00:06:0891] [CHECK] Blacklist
[00:06:0891] [CHECK] BlacklistPath
[00:06:0891] [CHECK] BlacklistMD5
[00:06:0891] [CHECK] MadeNumbers
[00:06:0891] [CHECK] SuspPath
[00:06:0891] [CHECK] PrevRun
[00:06:0891] [CHECK] Not found!
[00:06:0891] [Check DLLs] msacm32.drv : C:\WINDOWS\system32\msacm32.drv
[00:06:0891] [CHECK] WhiteDLL
[00:06:0891] [CHECK] WellKnown
[00:06:0891] [CHECK] HijackName
[00:06:0891] [CHECK] Signature
[00:06:0906] [CHECK] Patterns
[00:06:0906] [CHECK] Blacklist
[00:06:0906] [CHECK] BlacklistPath
[00:06:0906] [CHECK] BlacklistMD5
[00:06:0906] [CHECK] MadeNumbers
[00:06:0906] [CHECK] SuspPath
[00:06:0906] [CHECK] PrevRun
[00:06:0906] [CHECK] Not found!
[00:06:0906] [Check DLLs] midimap.dll : C:\WINDOWS\system32\midimap.dll
[00:06:0906] [CHECK] WhiteDLL
[00:06:0906] [CHECK] WellKnown
[00:06:0906] [CHECK] HijackName
[00:06:0906] [CHECK] Signature
[00:06:0906] [CHECK] Patterns
[00:06:0906] [CHECK] Blacklist
[00:06:0906] [CHECK] BlacklistPath
[00:06:0906] [CHECK] BlacklistMD5
[00:06:0906] [CHECK] MadeNumbers
[00:06:0906] [CHECK] SuspPath
[00:06:0906] [CHECK] PrevRun
[00:06:0906] [CHECK] Not found!
[00:06:0906] [Check DLLs] webcheck.dll : C:\WINDOWS\system32\webcheck.dll
[00:06:0906] [CHECK] WhiteDLL
[00:06:0906] [CHECK] WellKnown
[00:06:0906] [CHECK] HijackName
[00:06:0906] [CHECK] Signature
[00:06:0938] [CHECK] Patterns
[00:06:0938] [CHECK] Blacklist
[00:06:0938] [CHECK] BlacklistPath
[00:06:0938] [CHECK] BlacklistMD5
[00:06:0938] [CHECK] MadeNumbers
[00:06:0938] [CHECK] SuspPath
[00:06:0938] [CHECK] PrevRun
[00:06:0938] [CHECK] Not found!
[00:06:0938] [Check DLLs] stobject.dll : C:\WINDOWS\system32\stobject.dll
[00:06:0938] [CHECK] WhiteDLL
[00:06:0938] [CHECK] WellKnown
[00:06:0938] [CHECK] HijackName
[00:06:0938] [CHECK] Signature
[00:06:0938] [CHECK] Patterns
[00:06:0938] [CHECK] Blacklist
[00:06:0938] [CHECK] BlacklistPath
[00:06:0938] [CHECK] BlacklistMD5
[00:06:0953] [CHECK] MadeNumbers
[00:06:0953] [CHECK] SuspPath
[00:06:0953] [CHECK] PrevRun
[00:06:0953] [CHECK] Not found!
[00:06:0953] [Check DLLs] BatMeter.dll : C:\WINDOWS\system32\BatMeter.dll
[00:06:0953] [CHECK] WhiteDLL
[00:06:0953] [CHECK] WellKnown
[00:06:0953] [CHECK] HijackName
[00:06:0953] [CHECK] Signature
[00:06:0969] [CHECK] Patterns
[00:06:0969] [CHECK] Blacklist
[00:06:0969] [CHECK] BlacklistPath
[00:06:0969] [CHECK] BlacklistMD5
[00:06:0969] [CHECK] MadeNumbers
[00:06:0969] [CHECK] SuspPath
[00:06:0969] [CHECK] PrevRun
[00:06:0969] [CHECK] Not found!
[00:06:0969] [Check DLLs] POWRPROF.dll : C:\WINDOWS\system32\POWRPROF.dll
[00:06:0969] [CHECK] WhiteDLL
[00:06:0969] [CHECK] WellKnown
[00:06:0969] [CHECK] HijackName
[00:06:0969] [CHECK] Signature
[00:06:0969] [CHECK] Patterns
[00:06:0969] [CHECK] Blacklist
[00:06:0969] [CHECK] BlacklistPath
[00:06:0969] [CHECK] BlacklistMD5
[00:06:0969] [CHECK] MadeNumbers
[00:06:0985] [CHECK] SuspPath
[00:06:0985] [CHECK] PrevRun
[00:06:0985] [CHECK] Not found!
[00:06:0985] [Check DLLs] WPDShServiceObj.dll : C:\WINDOWS\system32\WPDShServiceObj.dll
[00:06:0985] [CHECK] WhiteDLL
[00:06:0985] [CHECK] WellKnown
[00:06:0985] [CHECK] HijackName
[00:06:0985] [CHECK] Signature
[00:06:0985] [CHECK] Patterns
[00:06:0985] [CHECK] Blacklist
[00:06:0985] [CHECK] BlacklistPath
[00:06:0985] [CHECK] BlacklistMD5
[00:06:0985] [CHECK] MadeNumbers
[00:06:0985] [CHECK] SuspPath
[00:06:0985] [CHECK] PrevRun
[00:06:0985] [CHECK] Not found!
[00:07:0000] [Check DLLs] WINHTTP.dll : C:\WINDOWS\system32\WINHTTP.dll
[00:07:0000] [CHECK] WhiteDLL
[00:07:0000] [CHECK] WellKnown
[00:07:0000] [CHECK] HijackName
[00:07:0000] [CHECK] Signature
[00:07:0016] [CHECK] Patterns
[00:07:0016] [CHECK] Blacklist
[00:07:0016] [CHECK] BlacklistPath
[00:07:0016] [CHECK] BlacklistMD5
[00:07:0016] [CHECK] MadeNumbers
[00:07:0016] [CHECK] SuspPath
[00:07:0016] [CHECK] PrevRun
[00:07:0016] [CHECK] Not found!
[00:07:0016] [Check DLLs] mydocs.dll : C:\WINDOWS\system32\mydocs.dll
[00:07:0016] [CHECK] WhiteDLL
[00:07:0016] [CHECK] WellKnown
[00:07:0016] [CHECK] HijackName
[00:07:0016] [CHECK] Signature
[00:07:0031] [CHECK] Patterns
[00:07:0031] [CHECK] Blacklist
[00:07:0031] [CHECK] BlacklistPath
[00:07:0031] [CHECK] BlacklistMD5
[00:07:0031] [CHECK] MadeNumbers
[00:07:0031] [CHECK] SuspPath
[00:07:0031] [CHECK] PrevRun
[00:07:0031] [CHECK] Not found!
[00:07:0031] [Check DLLs] PortableDeviceTypes.dll : C:\WINDOWS\system32\PortableDeviceTypes.dll
[00:07:0031] [CHECK] WhiteDLL
[00:07:0031] [CHECK] WellKnown
[00:07:0031] [CHECK] HijackName
[00:07:0031] [CHECK] Signature
[00:07:0047] [CHECK] Patterns
[00:07:0047] [CHECK] Blacklist
[00:07:0047] [CHECK] BlacklistPath
[00:07:0047] [CHECK] BlacklistMD5
[00:07:0047] [CHECK] MadeNumbers
[00:07:0047] [CHECK] SuspPath
[00:07:0047] [CHECK] PrevRun
[00:07:0047] [CHECK] Not found!
[00:07:0047] [Check DLLs] PortableDeviceApi.dll : C:\WINDOWS\system32\PortableDeviceApi.dll
[00:07:0047] [CHECK] WhiteDLL
[00:07:0047] [CHECK] WellKnown
[00:07:0047] [CHECK] HijackName
[00:07:0047] [CHECK] Signature
[00:07:0094] [CHECK] Patterns
[00:07:0094] [CHECK] Blacklist
[00:07:0094] [CHECK] BlacklistPath
[00:07:0110] [CHECK] BlacklistMD5
[00:07:0110] [CHECK] MadeNumbers
[00:07:0110] [CHECK] SuspPath
[00:07:0110] [CHECK] PrevRun
[00:07:0110] [CHECK] Not found!
[00:07:0110] [Check DLLs] MPR.dll : C:\WINDOWS\system32\MPR.dll
[00:07:0110] [CHECK] WhiteDLL
[00:07:0110] [CHECK] WellKnown
[00:07:0110] [CHECK] HijackName
[00:07:0110] [CHECK] Signature
[00:07:0125] [CHECK] Patterns
[00:07:0125] [CHECK] Blacklist
[00:07:0125] [CHECK] BlacklistPath
[00:07:0125] [CHECK] BlacklistMD5
[00:07:0125] [CHECK] MadeNumbers
[00:07:0125] [CHECK] SuspPath
[00:07:0125] [CHECK] PrevRun
[00:07:0125] [CHECK] Not found!
[00:07:0125] [Check DLLs] drprov.dll : C:\WINDOWS\System32\drprov.dll
[00:07:0125] [CHECK] WhiteDLL
[00:07:0125] [CHECK] WellKnown
[00:07:0125] [CHECK] HijackName
[00:07:0125] [CHECK] Signature
[00:07:0125] [CHECK] Patterns
[00:07:0125] [CHECK] Blacklist
[00:07:0125] [CHECK] BlacklistPath
[00:07:0125] [CHECK] BlacklistMD5
[00:07:0125] [CHECK] MadeNumbers
[00:07:0125] [CHECK] SuspPath
[00:07:0125] [CHECK] PrevRun
[00:07:0125] [CHECK] Not found!
[00:07:0125] [Check DLLs] ntlanman.dll : C:\WINDOWS\System32\ntlanman.dll
[00:07:0125] [CHECK] WhiteDLL
[00:07:0125] [CHECK] WellKnown
[00:07:0125] [CHECK] HijackName
[00:07:0125] [CHECK] Signature
[00:07:0141] [CHECK] Patterns
[00:07:0141] [CHECK] Blacklist
[00:07:0141] [CHECK] BlacklistPath
[00:07:0141] [CHECK] BlacklistMD5
[00:07:0141] [CHECK] MadeNumbers
[00:07:0141] [CHECK] SuspPath
[00:07:0141] [CHECK] PrevRun
[00:07:0141] [CHECK] Not found!
[00:07:0141] [Check DLLs] NETUI0.dll : C:\WINDOWS\System32\NETUI0.dll
[00:07:0141] [CHECK] WhiteDLL
[00:07:0141] [CHECK] WellKnown
[00:07:0141] [CHECK] HijackName
[00:07:0141] [CHECK] Signature
[00:07:0156] [CHECK] Patterns
[00:07:0156] [CHECK] Blacklist
[00:07:0156] [CHECK] BlacklistPath
[00:07:0156] [CHECK] BlacklistMD5
[00:07:0156] [CHECK] MadeNumbers
[00:07:0156] [CHECK] SuspPath
[00:07:0156] [CHECK] PrevRun
[00:07:0156] [CHECK] Not found!
[00:07:0156] [Check DLLs] NETUI1.dll : C:\WINDOWS\System32\NETUI1.dll
[00:07:0156] [CHECK] WhiteDLL
[00:07:0156] [CHECK] WellKnown
[00:07:0156] [CHECK] HijackName
[00:07:0156] [CHECK] Signature
[00:07:0172] [CHECK] Patterns
[00:07:0172] [CHECK] Blacklist
[00:07:0172] [CHECK] BlacklistPath
[00:07:0172] [CHECK] BlacklistMD5
[00:07:0172] [CHECK] MadeNumbers
[00:07:0172] [CHECK] SuspPath
[00:07:0172] [CHECK] PrevRun
[00:07:0172] [CHECK] Not found!
[00:07:0172] [Check DLLs] NETRAP.dll : C:\WINDOWS\System32\NETRAP.dll
[00:07:0172] [CHECK] WhiteDLL
[00:07:0172] [CHECK] WellKnown
[00:07:0172] [CHECK] HijackName
[00:07:0188] [CHECK] Signature
[00:07:0188] [CHECK] Patterns
[00:07:0188] [CHECK] Blacklist
[00:07:0188] [CHECK] BlacklistPath
[00:07:0188] [CHECK] BlacklistMD5
[00:07:0188] [CHECK] MadeNumbers
[00:07:0188] [CHECK] SuspPath
[00:07:0203] [CHECK] PrevRun
[00:07:0203] [CHECK] Not found!
[00:07:0203] [Check DLLs] SAMLIB.dll : C:\WINDOWS\System32\SAMLIB.dll
[00:07:0203] [CHECK] WhiteDLL
[00:07:0203] [CHECK] WellKnown
[00:07:0203] [CHECK] HijackName
[00:07:0203] [CHECK] Signature
[00:07:0203] [CHECK] Patterns
[00:07:0203] [CHECK] Blacklist
[00:07:0203] [CHECK] BlacklistPath
[00:07:0203] [CHECK] BlacklistMD5
[00:07:0203] [CHECK] MadeNumbers
[00:07:0203] [CHECK] SuspPath
[00:07:0203] [CHECK] PrevRun
[00:07:0203] [CHECK] Not found!
[00:07:0203] [Check DLLs] davclnt.dll : C:\WINDOWS\System32\davclnt.dll
[00:07:0203] [CHECK] WhiteDLL
[00:07:0203] [CHECK] WellKnown
[00:07:0219] [CHECK] HijackName
[00:07:0219] [CHECK] Signature
[00:07:0219] [CHECK] Patterns
[00:07:0219] [CHECK] Blacklist
[00:07:0219] [CHECK] BlacklistPath
[00:07:0219] [CHECK] BlacklistMD5
[00:07:0219] [CHECK] MadeNumbers
[00:07:0219] [CHECK] SuspPath
[00:07:0219] [CHECK] PrevRun
[00:07:0219] [CHECK] Not found!
[00:07:0219] [Check DLLs] RASDLG.dll : C:\WINDOWS\system32\RASDLG.dll
[00:07:0219] [CHECK] WhiteDLL
[00:07:0219] [CHECK] WellKnown
[00:07:0219] [CHECK] HijackName
[00:07:0219] [CHECK] Signature
[00:07:0266] [CHECK] Patterns
[00:07:0266] [CHECK] Blacklist
[00:07:0266] [CHECK] BlacklistPath
[00:07:0266] [CHECK] BlacklistMD5
[00:07:0266] [CHECK] MadeNumbers
[00:07:0266] [CHECK] SuspPath
[00:07:0266] [CHECK] PrevRun
[00:07:0266] [CHECK] Not found!
[00:07:0266] [Check DLLs] MPRAPI.dll : C:\WINDOWS\system32\MPRAPI.dll
[00:07:0266] [CHECK] WhiteDLL
[00:07:0266] [CHECK] WellKnown
[00:07:0266] [CHECK] HijackName
[00:07:0266] [CHECK] Signature
[00:07:0313] [CHECK] Patterns
[00:07:0313] [CHECK] Blacklist
[00:07:0313] [CHECK] BlacklistPath
[00:07:0313] [CHECK] BlacklistMD5
[00:07:0313] [CHECK] MadeNumbers
[00:07:0313] [CHECK] SuspPath
[00:07:0313] [CHECK] PrevRun
[00:07:0313] [CHECK] Not found!
[00:07:0313] [Check DLLs] ACTIVEDS.dll : C:\WINDOWS\system32\ACTIVEDS.dll
[00:07:0313] [CHECK] WhiteDLL
[00:07:0328] [CHECK] WellKnown
[00:07:0328] [CHECK] HijackName
[00:07:0328] [CHECK] Signature
[00:07:0360] [CHECK] Patterns
[00:07:0360] [CHECK] Blacklist
[00:07:0360] [CHECK] BlacklistPath
[00:07:0360] [CHECK] BlacklistMD5
[00:07:0360] [CHECK] MadeNumbers
[00:07:0360] [CHECK] SuspPath
[00:07:0360] [CHECK] PrevRun
[00:07:0360] [CHECK] Not found!
[00:07:0360] [Check DLLs] adsldpc.dll : C:\WINDOWS\system32\adsldpc.dll
[00:07:0360] [CHECK] WhiteDLL
[00:07:0360] [CHECK] WellKnown
[00:07:0360] [CHECK] HijackName
[00:07:0360] [CHECK] Signature
[00:07:0375] [CHECK] Patterns
[00:07:0375] [CHECK] Blacklist
[00:07:0375] [CHECK] BlacklistPath
[00:07:0375] [CHECK] BlacklistMD5
[00:07:0375] [CHECK] MadeNumbers
[00:07:0375] [CHECK] SuspPath
[00:07:0375] [CHECK] PrevRun
[00:07:0375] [CHECK] Not found!
[00:07:0641] [Check DLLs] RASAPI32.dll : C:\WINDOWS\system32\RASAPI32.dll
[00:07:0641] [CHECK] WhiteDLL
[00:07:0641] [CHECK] WellKnown
[00:07:0641] [CHECK] HijackName
[00:07:0641] [CHECK] Signature
[00:07:0672] [CHECK] Patterns
[00:07:0672] [CHECK] Blacklist
[00:07:0672] [CHECK] BlacklistPath
[00:07:0672] [CHECK] BlacklistMD5
[00:07:0672] [CHECK] MadeNumbers
[00:07:0672] [CHECK] SuspPath
[00:07:0672] [CHECK] PrevRun
[00:07:0672] [CHECK] Not found!
[00:07:0672] [Check DLLs] rasman.dll : C:\WINDOWS\system32\rasman.dll
[00:07:0672] [CHECK] WhiteDLL
[00:07:0672] [CHECK] WellKnown
[00:07:0672] [CHECK] HijackName
[00:07:0672] [CHECK] Signature
[00:07:0688] [CHECK] Patterns
[00:07:0688] [CHECK] Blacklist
[00:07:0688] [CHECK] BlacklistPath
[00:07:0688] [CHECK] BlacklistMD5
[00:07:0688] [CHECK] MadeNumbers
[00:07:0688] [CHECK] SuspPath
[00:07:0688] [CHECK] PrevRun
[00:07:0703] [CHECK] Not found!
[00:07:0703] [Check DLLs] TAPI32.dll : C:\WINDOWS\system32\TAPI32.dll
[00:07:0703] [CHECK] WhiteDLL
[00:07:0703] [CHECK] WellKnown
[00:07:0703] [CHECK] HijackName
[00:07:0703] [CHECK] Signature
[00:07:0719] [CHECK] Patterns
[00:07:0719] [CHECK] Blacklist
[00:07:0719] [CHECK] BlacklistPath
[00:07:0719] [CHECK] BlacklistMD5
[00:07:0719] [CHECK] MadeNumbers
[00:07:0719] [CHECK] SuspPath
[00:07:0719] [CHECK] PrevRun
[00:07:0719] [CHECK] Not found!
[00:07:0719] [Check DLLs] msv1_0.dll : C:\WINDOWS\system32\msv1_0.dll
[00:07:0719] [CHECK] WhiteDLL
[00:07:0719] [CHECK] WellKnown
[00:07:0719] [CHECK] HijackName
[00:07:0719] [CHECK] Signature
[00:07:0735] [CHECK] Patterns
[00:07:0735] [CHECK] Blacklist
[00:07:0735] [CHECK] BlacklistPath
[00:07:0735] [CHECK] BlacklistMD5
[00:07:0735] [CHECK] MadeNumbers
[00:07:0735] [CHECK] SuspPath
[00:07:0735] [CHECK] PrevRun
[00:07:0735] [CHECK] Not found!
[00:07:0735] [Check DLLs] cryptdll.dll : C:\WINDOWS\system32\cryptdll.dll
[00:07:0735] [CHECK] WhiteDLL
[00:07:0735] [CHECK] WellKnown
[00:07:0735] [CHECK] HijackName
[00:07:0735] [CHECK] Signature
[00:07:0750] [CHECK] Patterns
[00:07:0750] [CHECK] Blacklist
[00:07:0750] [CHECK] BlacklistPath
[00:07:0750] [CHECK] BlacklistMD5
[00:07:0750] [CHECK] MadeNumbers
[00:07:0750] [CHECK] SuspPath <
0

juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
20 April 2013 at 22:24
That's the crash report, which I'm forwarding to Tigzy.

And my ComboFix report?
0
I launch it, it scans, restarts, and there is no report.
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
20 April 2013 at 22:30
Start / Run

type: cmd

OK

in the black window, copy and paste:

dir /A/B/S %Homedrive%\Qoobox >> %Homedrive%\Qoobox.txt

then press Enter

then close that window and paste the contents of Qoobox.txt, which you will find in C:\
0
Qoobox is completely empty.
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
20 April 2013 at 23:17
But ComboFix did run, didn't it? :o
0
Yes! :s
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
20 April 2013 at 23:23
Run it again in Safe Mode.
0
How do I start in Safe Mode on XP?
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
20 April 2013 at 23:30
How to get into Safe Mode:

▶ Restart your computer
▶ Tap the F8 key repeatedly (F5 on some PCs) immediately after the "beep"
▶ You will see a screen with startup options appear
▶ Choose the first option, Safe Mode, and confirm with "Enter"
▶ Choose your usual account, not Administrator (if needed ...)
0
ComboFix 13-04-20.02 - vgame 21/04/2013 19:22:13.1.2 - x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.669 [GMT 0:00]
Lancé depuis: c:\documents and settings\vgame\Bureau\ComboFix.exe
.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\eko\Application Data\facemoods.com
c:\documents and settings\eko\Application Data\PriceGong
c:\documents and settings\eko\Application Data\ShoppingReport2
c:\documents and settings\eko\Application Data\ShoppingReport2\cs\Config.xml
c:\documents and settings\eko\Application Data\ShoppingReport2\cs\db\Aliases.dbs
c:\documents and settings\eko\Application Data\ShoppingReport2\cs\db\Sites.dbs
c:\documents and settings\eko\Application Data\ShoppingReport2\cs\dwld\WhiteList.xip
c:\documents and settings\eko\Application Data\ShoppingReport2\cs\report\aggr_storage.xml
c:\documents and settings\eko\Application Data\ShoppingReport2\cs\report\send_storage.xml
c:\documents and settings\eko\Application Data\ShoppingReport2\cs\res1\WhiteList.dbs
c:\documents and settings\vgame\.tmp
c:\documents and settings\vgame\Application Data\csrs.exe
c:\documents and settings\vgame\Application Data\dns_t.exe
c:\documents and settings\vgame\Application Data\dnsu.exe
c:\documents and settings\vgame\Application Data\Facebook.exe
c:\documents and settings\vgame\Application Data\Facebook.exe.tmp
c:\documents and settings\vgame\Application Data\Skype.exe
c:\documents and settings\vgame\Application Data\Skype.exe.tmp
c:\documents and settings\vgame\Application Data\SQLite3.dll
c:\documents and settings\vgame\Application Data\svchost.exe
c:\documents and settings\vgame\Application Data\svchost.exe.tmp
c:\documents and settings\vgame\Application Data\svchot.exe
c:\documents and settings\vgame\Application Data\svchot.exe.tmp
c:\documents and settings\vgame\Application Data\Trojan.exe
c:\documents and settings\vgame\Application Data\Trojan.exe.tmp
c:\documents and settings\vgame\Local Settings\Temp\Chrome.exe
c:\documents and settings\vgame\Local Settings\Temp\crossfire.exe
c:\documents and settings\vgame\Local Settings\Temp\csrs.exe
c:\documents and settings\vgame\Local Settings\Temp\facebook.exe
c:\documents and settings\vgame\Local Settings\Temp\Google.exe
c:\documents and settings\vgame\Local Settings\Temp\psyco.exe
c:\documents and settings\vgame\Local Settings\Temp\service.exe
c:\documents and settings\vgame\Local Settings\Temp\svchost.exe
c:\documents and settings\vgame\Local Settings\Temp\Sys.exe
c:\documents and settings\vgame\Local Settings\Temp\System.exe
c:\documents and settings\vgame\Local Settings\Temp\Trojan.exe
c:\documents and settings\vgame\taskmgr.exe
c:\documents and settings\vgame\taskmgr.exe.tmp
c:\program files\Complitly
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\install
c:\windows\system32\install\system.exe
c:\windows\system32\SET2D0.tmp
c:\windows\system32\SET347.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET349.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET34B.tmp
c:\windows\system32\windows
c:\windows\system32\windows.\csrss.exe
c:\windows\system32\Windows\csrss.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DCSERVICE.EXE
-------\Service_DCService.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-03-21 au 2013-04-21 ))))))))))))))))))))))))))))))))))))
.
.
2013-04-21 16:23 . 2013-04-21 16:23 -------- dc----w- c:\documents and settings\vgame\Local Settings\Application Data\PCHealth
2013-04-21 12:50 . 2013-04-21 12:50 -------- dc----w- c:\documents and settings\vgame\Application Data\DivX
2013-04-19 12:44 . 2013-04-19 12:46 -------- d-----w- c:\program files\PokerStars.FR
2013-04-19 11:31 . 2013-04-19 11:31 -------- dc----w- c:\documents and settings\vgame\Local Settings\Application Data\Samsung
2013-04-19 11:30 . 2013-04-19 11:32 -------- dc----w- c:\documents and settings\vgame\Application Data\Samsung
2013-04-11 22:19 . 2013-04-11 22:19 -------- d-----w- C:\found.002
2013-04-01 15:28 . 2013-04-01 15:28 -------- dc----w- c:\documents and settings\vgame\Local Settings\Application Data\cache
2013-03-30 19:50 . 2013-04-20 08:50 -------- dc----w- c:\documents and settings\vgame\Local Settings\Application Data\FullTiltPoker
2013-03-30 18:52 . 2013-04-20 22:46 -------- d-----w- c:\program files\Full Tilt Poker
2013-03-29 08:51 . 2013-03-29 08:51 -------- d-----w- C:\found.001
2013-03-27 21:09 . 2013-03-27 21:09 -------- dc----w- C:\Poker
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 23:23 . 2013-03-19 23:00 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-19 23:23 . 2011-06-18 15:36 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 22:54 . 2013-03-19 22:54 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-19 22:54 . 2011-06-07 11:57 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-19 22:54 . 2013-02-10 20:08 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 22:54 . 2011-12-12 07:59 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2008-04-13 17:33 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-13 19:07 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2008-04-13 17:07 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-02 01:57 . 2008-04-13 16:58 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:55 . 2008-04-13 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 01:55 . 2008-04-13 17:34 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:55 . 2008-04-13 17:33 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 01:08 . 2008-04-13 17:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2011-06-06 08:07 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 09:56 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2008-04-13 17:33 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-04-13 00:31 . 2013-04-13 00:31 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1036288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"iTunesHelper"="e:\itunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\vgame\Menu Démarrer\Programmes\Démarrage\
23556fb1360f366337f97c924e76ead3.exe [2013-4-21 44544]
5cd8f17f4086744065eb0992a09e05a2.exe [2013-4-20 44544]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
McAfee Security Scan Plus.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\XBMC\\XBMC.exe"=
"c:\\Documents and Settings\\m\\Local Settings\\Temp\\System.exe"=
"c:\\Documents and Settings\\m\\Local Settings\\Temp\\Chrome.exe"=
"c:\\Documents and Settings\\m\\Local Settings\\Temp\\facebook.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56659:TCP"= 56659:TCP:Pando Media Booster
"56659:UDP"= 56659:UDP:Pando Media Booster
"58936:TCP"= 58936:TCP:Pando Media Booster
"58936:UDP"= 58936:UDP:Pando Media Booster
.
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [25/08/2011 00:15 70656]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [24/01/2013 11:32 83168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [25/08/2011 00:15 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [25/08/2011 00:15 117504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [05/02/2013 15:48 235216]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [24/01/2013 11:32 181344]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 11:57 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 23:23]
.
2013-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-09 16:45]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-09 16:45]
.
.
------- Examen supplémentaire -------
.
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
TCP: Interfaces\{3EFA9696-6DCB-45ED-971E-56C3E64D7652}: NameServer = 8.8.8.8 154.15.199.142
FF - ProfilePath - c:\documents and settings\vgame\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
HKCU-Run-8107c9f97232933cc42c9d6f827202a5 - c:\documents and settings\vgame\Application Data\dnsu.exe
HKCU-Run-f98c2d3f49d939114e6995a40c552630 - c:\documents and settings\vgame\Application Data\dns_t.exe
HKCU-Run-368fc7f563096ad51849f0d2c298fc08 - c:\documents and settings\vgame\Application Data\Skype.exe
HKCU-Run-01b768079edee5f654080fe50a78d4b7 - c:\documents and settings\vgame\Application Data\csrs.exe
HKCU-Run-94e540adc4cf174ca7240135617a6982 - c:\documents and settings\vgame\Application Data\Facebook.exe
HKCU-Run-11b66f66324ac0e6e6a3c81ee698d1b6 - c:\documents and settings\vgame\Application Data\svchot.exe
HKCU-Run-c25bb4b46988f213a04e5145e3c057f0 - c:\documents and settings\vgame\taskmgr.exe
HKCU-Run-8515eb34d8f9de5af815466e9715b3e5 - c:\documents and settings\vgame\Application Data\Trojan.exe
HKCU-Run-23556fb1360f366337f97c924e76ead3 - c:\documents and settings\vgame\Application Data\svchost.exe
HKLM-Run-8107c9f97232933cc42c9d6f827202a5 - c:\documents and settings\vgame\Application Data\dnsu.exe
HKLM-Run-f98c2d3f49d939114e6995a40c552630 - c:\documents and settings\vgame\Application Data\dns_t.exe
HKLM-Run-368fc7f563096ad51849f0d2c298fc08 - c:\documents and settings\vgame\Application Data\Skype.exe
HKLM-Run-01b768079edee5f654080fe50a78d4b7 - c:\documents and settings\vgame\Application Data\csrs.exe
HKLM-Run-94e540adc4cf174ca7240135617a6982 - c:\documents and settings\vgame\Application Data\Facebook.exe
HKLM-Run-11b66f66324ac0e6e6a3c81ee698d1b6 - c:\documents and settings\vgame\Application Data\svchot.exe
HKLM-Run-c25bb4b46988f213a04e5145e3c057f0 - c:\documents and settings\vgame\taskmgr.exe
HKLM-Run-8515eb34d8f9de5af815466e9715b3e5 - c:\documents and settings\vgame\Application Data\Trojan.exe
HKLM-Run-23556fb1360f366337f97c924e76ead3 - c:\documents and settings\vgame\Application Data\svchost.exe
AddRemove-1ClickDownload - c:\program files\1ClickDownload\uninst.exe
AddRemove-Casino.com - c:\casino\Casino.com\_SetupCasino_ae7b84.exe
AddRemove-HDM Connection Manager - c:\documents and settings\user\Bureau\Téléchargement\HDM Connection Manager\uninst.exe
AddRemove-HDMI - c:\windows\system32\igxpun.exe
AddRemove-Poker 770 - c:\poker\Poker 770\_SetupCasino_24d4.exe
AddRemove-SABnzbd - c:\program files\SABnzbd\uninstall.exe
AddRemove-SABnzbOpen_is1 - c:\program files\SABnzbOpen\unins000.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-Titan Poker - c:\poker\Titan Poker\_TitanPSetup_654c35.exe
AddRemove-WinMover_is1 - c:\program files\WinMover\unins000.exe
AddRemove-Winner Casino - c:\casino\Winner Casino\_WinnerCSetup_150ba5_fr.exe
AddRemove-winnerpoker - c:\poker\Winner Poker\_WinnerPSetup_c0d06a.exe
AddRemove-{7A78CE94-2688-4C57-A5A3-067B9ECBF2BA}_is1 - c:\program files\Easy Money DEMO\unins000.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-21 19:35
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(552)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\Logi_MwX.Exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2013-04-21 19:38:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-04-21 19:38
.
Avant-CF: 2 256 945 152 octets libres
Après-CF: 10 474 123 264 octets libres
.
- - End Of File - - 078E3AB8BCC26C922560C94BD527253E
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last seen 21 April 2024 4 796
Edited by juju666 on 21/04/2013 at 09:06

__________________________________________________
=> /!\ The following script was written specifically for this computer /!\ <=
=> using it on another computer is strongly discouraged! <=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

ClearJavaCache::

File::
c:\documents and settings\vgame\Menu Démarrer\Programmes\Démarrage\23556fb1360f366337f97c924e76ead3.exe
c:\documents and settings\vgame\Menu Démarrer\Programmes\Démarrage\5cd8f17f4086744065eb0992a09e05a2.exe
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk
c:\Documents and Settings\m\Local Settings\Temp\System.exe
c:\Documents and Settings\m\Local Settings\Temp\Chrome.exe
c:\Documents and Settings\m\Local Settings\Temp\facebook.exe

Registry::
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\m\\Local Settings\\Temp\\System.exe"=-
"c:\\Documents and Settings\\m\\Local Settings\\Temp\\Chrome.exe"=-
"c:\\Documents and Settings\\m\\Local Settings\\Temp\\facebook.exe"=-

------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Quit Notepad

▶ Drag and drop this CFScript file onto the combofix file like this: Illustration

▶ Wait while the scan runs. The Desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it can be found here => C:\ComboFix.txt
.::. Security Contributor .::.
0
ComboFix 13-04-20.02 - vgame 22/04/2013 12:47:50.2.2 - x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.805 [GMT 0:00]
Lancé depuis: c:\documents and settings\vgame\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\vgame\Bureau\CFScript.txt
.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
FILE ::
"c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk"
"c:\documents and settings\m\Local Settings\Temp\Chrome.exe"
"c:\documents and settings\m\Local Settings\Temp\facebook.exe"
"c:\documents and settings\m\Local Settings\Temp\System.exe"
"c:\documents and settings\vgame\Menu Démarrer\Programmes\Démarrage\23556fb1360f366337f97c924e76ead3.exe"
"c:\documents and settings\vgame\Menu Démarrer\Programmes\Démarrage\5cd8f17f4086744065eb0992a09e05a2.exe"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\vgame\Local Settings\Temp\Trojan.exe
c:\documents and settings\vgame\Menu Démarrer\Programmes\Démarrage\5cd8f17f4086744065eb0992a09e05a2.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-03-22 au 2013-04-22 ))))))))))))))))))))))))))))))))))))
.
.
2013-04-21 16:23 . 2013-04-21 16:23 -------- dc----w- c:\documents and settings\vgame\Local Settings\Application Data\PCHealth
2013-04-21 12:50 . 2013-04-21 12:50 -------- dc----w- c:\documents and settings\vgame\Application Data\DivX
2013-04-19 12:44 . 2013-04-19 12:46 -------- d-----w- c:\program files\PokerStars.FR
2013-04-19 11:31 . 2013-04-19 11:31 -------- dc----w- c:\documents and settings\vgame\Local Settings\Application Data\Samsung
2013-04-19 11:30 . 2013-04-19 11:32 -------- dc----w- c:\documents and settings\vgame\Application Data\Samsung
2013-04-11 22:19 . 2013-04-11 22:19 -------- d-----w- C:\found.002
2013-04-01 15:28 . 2013-04-01 15:28 -------- dc----w- c:\documents and settings\vgame\Local Settings\Application Data\cache
2013-03-30 19:50 . 2013-04-20 08:50 -------- dc----w- c:\documents and settings\vgame\Local Settings\Application Data\FullTiltPoker
2013-03-30 18:52 . 2013-04-21 23:51 -------- d-----w- c:\program files\Full Tilt Poker
2013-03-29 08:51 . 2013-03-29 08:51 -------- d-----w- C:\found.001
2013-03-27 21:09 . 2013-03-27 21:09 -------- dc----w- C:\Poker
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 23:23 . 2013-03-19 23:00 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-19 23:23 . 2011-06-18 15:36 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 22:54 . 2013-03-19 22:54 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-19 22:54 . 2011-06-07 11:57 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-19 22:54 . 2013-02-10 20:08 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 22:54 . 2011-12-12 07:59 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2008-04-13 17:33 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-13 19:07 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2008-04-13 17:07 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-02 01:57 . 2008-04-13 16:58 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:55 . 2008-04-13 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 01:55 . 2008-04-13 17:34 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:55 . 2008-04-13 17:33 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 01:08 . 2008-04-13 17:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2011-06-06 08:07 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 09:56 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2008-04-13 17:33 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-04-13 00:31 . 2013-04-13 00:31 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1036288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"iTunesHelper"="e:\itunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\vgame\Menu Démarrer\Programmes\Démarrage\
23556fb1360f366337f97c924e76ead3.exe [2013-4-21 44544]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
McAfee Security Scan Plus.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\XBMC\\XBMC.exe"=
"c:\\Documents and Settings\\m\\Local Settings\\Temp\\System.exe"=
"c:\\Documents and Settings\\m\\Local Settings\\Temp\\Chrome.exe"=
"c:\\Documents and Settings\\m\\Local Settings\\Temp\\facebook.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56659:TCP"= 56659:TCP:Pando Media Booster
"56659:UDP"= 56659:UDP:Pando Media Booster
"58936:TCP"= 58936:TCP:Pando Media Booster
"58936:UDP"= 58936:UDP:Pando Media Booster
.
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [25/08/2011 00:15 70656]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [24/01/2013 11:32 83168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [25/08/2011 00:15 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [25/08/2011 00:15 117504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [05/02/2013 15:48 235216]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [24/01/2013 11:32 181344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 11:57 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 23:23]
.
2013-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-09 16:45]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-09 16:45]
.
.
------- Examen supplémentaire -------
.
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\vgame\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-22 12:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(2144)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\Logi_MwX.Exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2013-04-22 13:01:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-04-22 13:01
ComboFix2.txt 2013-04-21 19:38
.
Avant-CF: 10 346 029 056 octets libres
Après-CF: 10 368 466 944 octets libres
.
- - End Of File - - 75A2F4D47C62132544F884F521A0426E
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last seen 21 April 2024 4 796
21 April 2013 at 19:38
Hi again!

▶ Download and install Malwarebytes' Anti-Malware (MBAM).

▶ Run it. Accept the update.

▶ Select "Perform full scan"
▶ Click "Scan"
▶ The scan starts; it takes a fairly long time, that's normal.

At the end of the scan, a message is displayed:

Quote:

The scan completed successfully. Click 'Show Results' to display all objects found.

▶ So click Show Results.
▶ Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
MBAM will open Notepad and copy the scan report into it: close it.

If MBAM asks to restart the PC: ▶ do so.

After the restart, launch MBAM again, go to the "Logs" tab, and copy/paste the one that corresponds to the scan you ran.
0
Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.04.21.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
vgame :: USERE [administrateur]

Protection: Activé

22/04/2013 15:32:25
mbam-log-2013-04-22 (15-32-25).txt

Type d'examen: Examen complet (C:\|E:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 382209
Temps écoulé: 1 heure(s), 31 minute(s), 11 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 3
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 6
C:\Documents and Settings\m\Application Data\ShoppingReport2 (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs\db (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs\dwld (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs\report (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs\res1 (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 128
C:\Documents and Settings\m\Local Settings\Temp\System.exe (Trojan.Ransom) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Local Settings\Temp\facebook.exe (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Menu Démarrer\Programmes\Démarrage\301b5fcf8ce2fab8868e80b6c1f912fe.exe (Trojan.Ransom) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\taskmgr.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Application Data\Facebook.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Application Data\svchost.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Application Data\svchot.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Application Data\Trojan.exe.vir (Backdoor.Agent.TRJ) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\11b66f66324ac0e6e6a3c81ee698d1b6.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\13e5090cee57967233f9b6a72ec1c5dd.exe.vir (Backdoor.Agent.NIPGen) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\1899a32ba3565d2a36a228013f5e9799.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\301b5fcf8ce2fab8868e80b6c1f912fe.exe.vir (Trojan.Ransom) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\488fe9187d45de3434711bfe795a2b63.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\5cd8f17f4086744065eb0992a09e05a2.exe.vir (Backdoor.Agent.TRJ) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\8515eb34d8f9de5af815466e9715b3e5.exe.vir (Backdoor.Agent.TRJ) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\8d0fa66a7f70d4b92f3da7199f7f9e8d.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\8e56537133e75df5421f3565a026e09d.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\94e540adc4cf174ca7240135617a6982.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\b57cb8e241634542876c995d99b59a18.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\ba4c12bee3027d94da5c81db2d196bfd.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\c25bb4b46988f213a04e5145e3c057f0.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\f5ac7c069b9e6b412c43f7ea38d34f76.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Documents and Settings\vgame\Menu Démarrer\Programmes\Démarrage\f851f7347b44de50d7b2e29211ae1802.exe.vir (Trojan.MSIL) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\WINDOWS\system32\install\system.exe.vir (Trojan.Dropper) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Windows\csrss.exe.vir (Trojan.Agent.DF) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Local Settings\Temp\System.exe.tmp (Stolen.Data) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Local Settings\Temp\Chrome.exe (Trojan.PWS) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\logs.dat (Bifrose.Trace) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\vgame\Application Data\logs.dat (Bifrose.Trace) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Local Settings\Temp\IELOGIN.abc (Malware.Trace) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Local Settings\Temp\UuU.uUu (Malware.Trace) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Local Settings\Temp\XxX.xXx (Malware.Trace) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Local Settings\Temp\facebook.exe.tmp (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs\Config.xml (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs\dwld\WhiteList.xip (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\m\Application Data\ShoppingReport2\cs\res1\WhiteList.dbs (Adware.ShoppingReport2) -> Mis en quarantaine et supprimé avec succès.

(fin)
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 4 796
21 April 2013 at 21:47
Change all your passwords, they have been stolen.

Download from this page: AdwCleaner (by Xplode)

▶ Run it

click Delete and wait while the cleaning runs.

▶ Post the contents of the report, which you will find on your hard drive at c:\ADwcleaner[Sx].txt, or its contents if it opens.
0
I can't post the report. Message title not filled in.
0